Legislative Observatory
European Parliament
Please fill in this field to find a procedure

European Network and Information Security Agency (ENISA): duration

2010/0274(COD)

PURPOSE: the extension of the mandate of the European Network and Information Security Agency (ENISA) until September 2013.

PROPOSED ACT: Regulation of the European Parliament and of the Council.

BACKGROUND: The European Network and Information Security Agency (hereinafter ENISA) was set up in March 2004 for an initial period of five years by Regulation (EC) No 460/2004. Regulation (EC) No 1007/2008extended ENISA’s mandate until March 2012.

The extension of ENISA’s mandate in 2008 also launched a debate on the general direction of European efforts towards network and information security (NIS), to which the Commission contributed by launching a public consultation (which ran from November 2008 to January 2009 and gathered nearly 600 contributions).

On 30 March 2009, the Commission adopted a Communication on Critical Information Infrastructure Protection(CIIP) focusing on the protection of Europe from cyber attacks and cyber disruptions by enhancing preparedness, security and resilience, with an Action Plan calling on ENISA to play a role, mainly in support to Member States. The Action Plan was broadly endorsed in the discussion at the Ministerial Conference on CIIP held in Tallinn, Estonia, on 27 and 28 April 2009. The European Union Presidency’s Conference Conclusions stress the importance of the need to rethink and reformulate the Agency’s mandate.

After discussion at the Telecom Council of 11 June 2009, Member States expressed support for extending the ENISA’s mandate and increasing its resources in the light of the importance of NIS and the evolving challenges in the area

It is therefore now proposed to extend ENISA’s mandate until 2013 to allow sufficient time for the adoption of a new Regulation that would thoroughly revise the provisions governing the Agency (a proposal for a recast of the Regulation establishing the Agency is proposed in parallel).

IMPACT ASSESSMENT: no impact assessment was undertaken.

LEGAL BASE: Article 114 of the Treaty on the Functioning of the European Union (TFEU).

CONTENT: this proposal seeks to amend Regulation (EC) No 460/2004 establishing the European Network and Information Security Agency with a view to extending its mandate until 13 September 2013, the time that will allow Parliament and Council to adopt a new Regulation revising the provisions governing the Agency and establishing the Agency for a 5-year duration. This proposal provides for the extension of the Agency’s current mandate by 18 months.

FINANCIAL IMPLICATION: in its financial impact statement, the European Commission estimates the necessary funding for the extension of ENISA’s current mandate at EUR 12.698 million in commitments and payments for the period running from 14 March 2012 to 13 September 2013. These sums would come from heading 1a of the financial perspectives (EUR 6.673 million in 2012 and EUR 6.025 million in 2013).